
Senior Vulnerability Researcher
Posted May 25

This is a fully remote position, open to applicants in Mexico.
• Conduct security research on web applications, APIs, and intricate application workflows.
• Detect, validate, and replicate real-world vulnerabilities in contemporary applications.
• Examine authentication, authorization, session management, and access control systems.
• Convert manual penetration testing methodologies into automated detection and exploitation techniques.
• Create and enhance payloads, exploitation strategies, and methods for validating vulnerabilities.
• Scrutinize HTTP traffic, browser behavior, and application processes to reveal security flaws.
• Collaborate with engineering teams to enhance the platform’s automation and offensive security functions.
• Clearly document findings, including technical specifics, impact assessments, and reproduction procedures.
• Over 5 years of practical experience in vulnerability research, penetration testing, bug bounty initiatives, or offensive security.
• Strong knowledge of web application and API security.
• Comprehensive understanding of authentication and authorization processes; JWT, OAuth, SSO, sessions, and cookies; access control vulnerabilities and privilege escalation.
• Demonstrated ability to identify vulnerabilities (IDOR / BOLA, business logic flaws, authentication bypasses, privilege escalation vulnerabilities).
• Experience with offensive security tools (Burp Suite, Postman, curl, Browser DevTools).
• Capability to analyze and manipulate HTTP requests/responses and application behavior.
• Scripting skills in Python or JavaScript.
• Experience in transforming manual pentesting processes into automated testing logic.
• Excellent communication and documentation abilities.
• Conversational proficiency in English.
• Must reside in Latin America.
Nice to have:
• Strong Python development capabilities.
• Experience with browser automation tools (Playwright, Selenium, Puppeteer).
• Familiarity with GraphQL, gRPC, WebSockets, and mobile APIs.
• Exposure to cloud security environments.
• Knowledge of AI-driven security or automated exploitation processes.
• Familiarity with tools like Nuclei or bespoke vulnerability scanners.
• 100% Remote Work: Enjoy the flexibility to work from wherever you feel most productive. All you need is a laptop and a stable internet connection.
• Highly Competitive USD Pay: Receive an outstanding, market-leading salary in USD, surpassing typical market offerings.
• Paid Time Off: We prioritize your well-being. Our paid time off policies allow you to relax and recharge when necessary.
• Work with Autonomy: Enjoy the flexibility to manage your time as long as your tasks are completed. Focus on outcomes rather than the clock.
• Collaborate with Top American Companies: Enhance your skills by working on innovative, high-impact projects alongside industry-leading U.S. companies.